claude-tempo 0.28.0 → 0.29.1

package/CLAUDE.md

@@ -91,6 +91,7 @@ src/
 │   ├── pause.ts / play.ts / shutdown.ts / restore.ts
 │   ├── hosts.ts / set-ensemble-description.ts
 │   ├── save-state.ts / fetch-state.ts / clear-state.ts
+│   ├── coat-check-put.ts / coat-check-get.ts / coat-check-list.ts / coat-check-evict.ts
 │   └── helpers.ts     # Zod/MCP tool registration wrapper
 ├── tui/
 │   ├── App.tsx / store.ts / commands.ts   # TUI root, state, slash commands
@@ -170,6 +171,7 @@ daemon worker notes, `npx ts-node` dev runner).
 - **Claude Code headless adapter** (`agent: 'claude-code-headless'`, #520): Headless adapter that drives sessions via the official `claude` CLI as a per-turn `claude -p --output-format stream-json` subprocess. The whole point: turns bill against the host's existing Claude Code subscription extra-usage credits (Pro / Max plans) rather than a Console workspace API key — the only ToS-clean way for a third-party tool to tap that pool. Requires the `claude` binary on PATH AND a logged-in Claude Code session (`claude auth login`); recruit pre-flight rejects with an actionable error otherwise. Tool surface is the union of full Claude Code built-ins (Bash / Read / Write / Edit / Glob / Grep / WebSearch / WebFetch) and the claude-tempo MCP surface — registered via inline `--mcp-config` so `claude` spawns `dist/server.js` as its own MCP child (no in-process bridge). Recruit knobs: `permissionMode` (default `'acceptEdits'`) or `dangerouslySkipPermissions: true` (mutually exclusive). Sessions resume across restart via the existing `sessionId` metadata field — the same UUID is shared with the interactive `claude-code` adapter (per-cwd JSONL is per-cwd, not per-adapter). See `src/adapters/claude-code-headless/` and `examples/ensembles/tempo-headless-jam.yaml`.
 - **Mock adapter** (`agent: 'mock'`, dev mode only): Four modes: `echo` (echoes input), `scripted` (replays YAML scenario rules), `silent` (drains messages without replying — heartbeat-stale validation), `chaos` (probabilistic fail/crash injection via seeded PRNG). Only registered when `isDevMode()` is true; stripped from the npm tarball by `prepack`. See `src/adapters/mock/`.
 - **Saveable state** (#334, ADR 0011): Per-player curated state slots — the player itself decides what context survives a restart. Three MCP tools: `save_state` (owner-only write, max 4 slots × 32 KiB), `fetch_state` (read self or peer; audit identity recorded on each entry's `savedBy`), `clear_state` (owner-only). `restart` accepts `loadFromState: true | 'someKey'` to seed the new session from a saved-state slot instead of (or, with `transcript: 'replay'`, alongside) transcript replay. Saved-state delivery uses `from: 'self-restart'` as a stable system identity. Empty-slot fallback: graceful — falls through to transcript replay with a log line. See [docs/design/334-player-saveable-state.md](docs/design/334-player-saveable-state.md).
+- **Coat-check** (#318, ADR 0008): Per-ensemble transient content store on Maestro state. Solves the 100 KB cue body cap — stash a large artifact with `coat_check_put` (returns a ticket id) and attach the ticket to a `cue` via `attachmentTicket`; the recipient calls `coat_check_get` to pull the full body. Four MCP tools: `coat_check_put` (any player; max 32 KiB per entry, 20 slots per ensemble, TTL 7d default), `coat_check_get` (any player; bumps fetch-audit counters), `coat_check_list` (read-only survey; headers only, content omitted), `coat_check_evict` (owner or conductor). Saturation rejects with `CoatCheckSlotsFull` (no LRU eviction). See `src/tools/coat-check-*.ts` and [docs/adr/0008-coat-check-pattern.md](docs/adr/0008-coat-check-pattern.md).
 - **Lineup examples**: Six pre-built ensemble YAML files in `examples/ensembles/` — `tempo-big-band`, `tempo-dev-team`, `tempo-review-squad`, `tempo-jam-session`, `tempo-mock-jam` (dev-mode all-mock ensemble), `tempo-headless-jam` (#520 — all-`claude-code-headless` subscription-billed ensemble). Load with `claude-tempo up --lineup <name>` or the `load_lineup` tool.
 - **GitHub App identity** (`claude-tempo[bot]`): When a player writes to GitHub — issue comments, PR creation/merge, commits, labels, check runs — **use `./scripts/ensemble-gh`** instead of `gh`. The wrapper mints a short-lived installation token so the action is attributed to `claude-tempo[bot]`, not to the human maintainer, making the AI authorship visible. Plain `gh` is still correct for read-only local dev (`gh pr view`, `gh repo clone`, `gh auth status`). Every bot-authored comment/PR body must include the AI attribution footer documented in [docs/github-app.md](docs/github-app.md).
 

package/dashboard/package.json

@@ -1,7 +1,7 @@
 {
   "name": "claude-tempo-dashboard",
   "private": true,
-  "version": "0.28.0",
+  "version": "0.29.1",
   "type": "module",
   "description": "Web dashboard for claude-tempo. Bundled into the npm package; served by the daemon at /dashboard/*.",
   "scripts": {

package/dist/activities/outbox.d.ts

@@ -15,6 +15,14 @@ export interface DeliverCueInput {
      * later TUI grouping. `undefined` for non-broadcast direct cues.
      */
     broadcastId?: string;
+    /**
+     * #318: Coat-check ticket referencing content stashed via
+     * `coat_check_put`. Threaded through to the target's `receiveMessage`
+     * signal so the stored `Message` carries it and the recipient can
+     * pull the body via `coat_check_get`. `undefined` for cues without an
+     * attachment.
+     */
+    attachmentTicket?: string;
 }
 export interface DeliverReportInput {
     ensemble: string;

package/dist/activities/outbox.js

@@ -140,19 +140,20 @@ function classifyAndRethrow(err, contextPrefix) {
 function createOutboxActivities(client, config) {
     return {
         async deliverCue(input) {
-            const { ensemble, fromPlayerId, targetPlayerId, message, broadcastId } = input;
+            const { ensemble, fromPlayerId, targetPlayerId, message, broadcastId, attachmentTicket } = input;
             try {
                 const handle = await (0, resolve_1.resolveSession)(client, ensemble, targetPlayerId);
                 if (!handle) {
                     throw activity_1.ApplicationFailure.nonRetryable(`No active session found for "${targetPlayerId}"`);
                 }
-                // #357: thread broadcastId (when present) onto the receiver's
-                // `receiveMessage` signal payload. Additive optional field —
-                // direct cues omit it.
+                // #357 + #318: thread broadcastId / attachmentTicket onto the
+                // receiver's `receiveMessage` signal payload. Both fields are
+                // additive optionals — direct cues omit one or both.
                 await handle.signal('receiveMessage', {
                     from: fromPlayerId,
                     text: message,
                     ...(broadcastId !== undefined ? { broadcastId } : {}),
+                    ...(attachmentTicket !== undefined ? { attachmentTicket } : {}),
                 });
                 return { success: true };
             }

package/dist/server-tools.js

@@ -40,6 +40,11 @@ const set_ensemble_description_1 = require("./tools/set-ensemble-description");
 const save_state_1 = require("./tools/save-state");
 const fetch_state_1 = require("./tools/fetch-state");
 const clear_state_1 = require("./tools/clear-state");
+// #318 — ensemble-shared coat-check (put / get / list / evict).
+const coat_check_put_1 = require("./tools/coat-check-put");
+const coat_check_get_1 = require("./tools/coat-check-get");
+const coat_check_list_1 = require("./tools/coat-check-list");
+const coat_check_evict_1 = require("./tools/coat-check-evict");
 /**
  * Register every tempo MCP tool onto `server`. Single source of truth — the
  * stdio MCP server (`src/server.ts`) and the in-process MCP server in the
@@ -83,6 +88,13 @@ function registerAllTempoTools(server, opts) {
     (0, save_state_1.registerSaveStateTool)(server, handle, getPlayerId);
     (0, fetch_state_1.registerFetchStateTool)(server, client, config, handle, getPlayerId);
     (0, clear_state_1.registerClearStateTool)(server, handle);
+    // #318 — ensemble-shared coat-check (put/get/list/evict). Any player can put;
+    // any player can get/list; owner-or-conductor can evict. Audit identity is
+    // set at the tool layer via getPlayerId() — no playerId arg on any schema.
+    (0, coat_check_put_1.registerCoatCheckPutTool)(server, client, config, getPlayerId);
+    (0, coat_check_get_1.registerCoatCheckGetTool)(server, client, config, getPlayerId);
+    (0, coat_check_list_1.registerCoatCheckListTool)(server, client, config);
+    (0, coat_check_evict_1.registerCoatCheckEvictTool)(server, client, config, getPlayerId);
     if (isConductor) {
         (0, quality_gate_1.registerQualityGateTool)(server, handle, getPlayerId);
         (0, evaluate_gate_1.registerEvaluateGateTool)(server, handle, getPlayerId);

package/dist/tools/coat-check-evict.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { Client } from '@temporalio/client';
+import { Config } from '../config';
+export declare function registerCoatCheckEvictTool(server: McpServer, client: Client, config: Config, getPlayerId: () => string): void;

package/dist/tools/coat-check-evict.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCoatCheckEvictTool = registerCoatCheckEvictTool;
+/**
+ * `coat_check_evict` — remove a coat-check entry (#318, ADR 0008) before
+ * its TTL expires. Owner-or-conductor only: the workflow validator rejects
+ * mismatched `evictedBy` with `CoatCheckEvictPermissionDenied`. Returns
+ * `evicted: false` when the ticket was already missing / expired before
+ * the call landed.
+ *
+ * Audit identity (`evictedBy`) is set by the tool layer from
+ * `getPlayerId()` — there is NO `evictedBy` arg on the MCP schema.
+ */
+const zod_1 = require("zod");
+const config_1 = require("../config");
+const maestro_signals_1 = require("../workflows/maestro-signals");
+const helpers_1 = require("./helpers");
+const validation_1 = require("../utils/validation");
+function registerCoatCheckEvictTool(server, client, config, getPlayerId) {
+    (0, helpers_1.defineTool)(server, 'coat_check_evict', `Evict a coat-check entry (#318) before its TTL expires. Owner-or-conductor only — non-owners (and non-conductors) get a permission error.
+
+Use to free a slot when this ensemble is at the 20-entry cap and you want to make room. \`evicted: false\` means the ticket was already gone (TTL-expired or evicted by someone else).`, {
+        ticket: zod_1.z.string().regex(validation_1.COAT_CHECK_TICKET_REGEX).max(validation_1.COAT_CHECK_TICKET_MAX).describe(`The ticket id returned by an earlier \`coat_check_put\` (≤${validation_1.COAT_CHECK_TICKET_MAX} chars).`),
+    }, async (args) => {
+        const { ticket } = args;
+        const evictedBy = getPlayerId();
+        try {
+            const handle = client.workflow.getHandle((0, config_1.maestroWorkflowId)(config.ensemble));
+            const result = await handle.executeUpdate(maestro_signals_1.coatCheckEvictUpdate, {
+                args: [{ ticket, evictedBy }],
+            });
+            if (!result.evicted) {
+                return (0, helpers_1.ok)(`Ticket **${ticket}** was already gone (no-op).`);
+            }
+            return (0, helpers_1.ok)(`Evicted ticket **${ticket}**.`);
+        }
+        catch (err) {
+            // Surfaces `CoatCheckEvictPermissionDenied` ApplicationFailure with
+            // owner/conductor diagnostic from the workflow validator.
+            return (0, helpers_1.fail)(`Failed to evict ticket: ${(0, helpers_1.formatError)(err)}`);
+        }
+    });
+}

package/dist/tools/coat-check-get.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { Client } from '@temporalio/client';
+import { Config } from '../config';
+export declare function registerCoatCheckGetTool(server: McpServer, client: Client, config: Config, getPlayerId: () => string): void;

package/dist/tools/coat-check-get.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCoatCheckGetTool = registerCoatCheckGetTool;
+/**
+ * `coat_check_get` — redeem a coat-check ticket and pull the stashed content
+ * (#318, ADR 0008). Returns the entry's summary, content body, and audit
+ * fields, or `null` when the ticket is missing / expired / evicted (no
+ * error-class proliferation for the common "ticket already gone" case).
+ *
+ * Audit identity (`fetchedBy`) is set by the tool layer from `getPlayerId()`
+ * — there is NO `fetchedBy` arg on the MCP schema. The workflow handler
+ * bumps `lastFetchedAt` / `lastFetchedBy` / `fetchCount` on the entry so
+ * the putter can later see whether anyone has redeemed.
+ *
+ * Implemented as a workflow Update (not Query) because the fetch-audit
+ * counters mutate state — Queries cannot mutate.
+ */
+const zod_1 = require("zod");
+const config_1 = require("../config");
+const maestro_signals_1 = require("../workflows/maestro-signals");
+const helpers_1 = require("./helpers");
+const validation_1 = require("../utils/validation");
+function registerCoatCheckGetTool(server, client, config, getPlayerId) {
+    (0, helpers_1.defineTool)(server, 'coat_check_get', `Redeem a coat-check ticket (#318) and pull the stashed content. Returns the entry's summary, content body, and audit info — or "not found" when the ticket is missing / expired / evicted (no error, just empty).
+
+Successful redemptions bump the entry's fetch-audit counters (\`lastFetchedAt\` / \`lastFetchedBy\` / \`fetchCount\`) so the putter can later see whether anyone has redeemed. \`coat_check_list\` won't bump these — only an actual redemption counts.`, {
+        ticket: zod_1.z.string().regex(validation_1.COAT_CHECK_TICKET_REGEX).max(validation_1.COAT_CHECK_TICKET_MAX).describe(`The ticket id returned by an earlier \`coat_check_put\` (≤${validation_1.COAT_CHECK_TICKET_MAX} chars).`),
+    }, async (args) => {
+        const { ticket } = args;
+        const fetchedBy = getPlayerId();
+        try {
+            const handle = client.workflow.getHandle((0, config_1.maestroWorkflowId)(config.ensemble));
+            const entry = await handle.executeUpdate(maestro_signals_1.coatCheckGetUpdate, {
+                args: [{ ticket, fetchedBy }],
+            });
+            if (!entry) {
+                return (0, helpers_1.ok)(`Ticket **${ticket}** is not found (missing, expired, or evicted).`);
+            }
+            const lines = [
+                `**Ticket ${ticket}** — stashed by ${entry.putBy} at ${entry.putAt}, expires ${entry.expiresAt}`,
+                `Summary: ${entry.summary}`,
+            ];
+            if (entry.contentType)
+                lines.push(`Content-Type: ${entry.contentType}`);
+            lines.push(`Size: ${entry.size} bytes`);
+            lines.push(`Fetches: ${entry.fetchCount}${entry.lastFetchedBy ? ` (last by ${entry.lastFetchedBy} at ${entry.lastFetchedAt})` : ''}`);
+            lines.push('');
+            lines.push('---');
+            lines.push(entry.content);
+            return (0, helpers_1.ok)(lines.join('\n'));
+        }
+        catch (err) {
+            return (0, helpers_1.fail)(`Failed to redeem ticket: ${(0, helpers_1.formatError)(err)}`);
+        }
+    });
+}

package/dist/tools/coat-check-list.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { Client } from '@temporalio/client';
+import { Config } from '../config';
+export declare function registerCoatCheckListTool(server: McpServer, client: Client, config: Config): void;

package/dist/tools/coat-check-list.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCoatCheckListTool = registerCoatCheckListTool;
+/**
+ * `coat_check_list` — list coat-check entry headers (#318, ADR 0008) for
+ * the calling player's ensemble. Read-only — does NOT bump fetch-audit
+ * counters (only an actual `coat_check_get` redemption counts).
+ *
+ * Returns headers (no `content` body) sorted newest-first. Optional
+ * `putBy` / `prefix` / `unfetchedOnly` filters narrow the result.
+ */
+const zod_1 = require("zod");
+const config_1 = require("../config");
+const maestro_signals_1 = require("../workflows/maestro-signals");
+const helpers_1 = require("./helpers");
+const validation_1 = require("../utils/validation");
+function registerCoatCheckListTool(server, client, config) {
+    (0, helpers_1.defineTool)(server, 'coat_check_list', `List coat-check entries (#318) for this ensemble. Read-only — does NOT bump fetch-audit counters; only \`coat_check_get\` does. Sorted newest-first. Pass \`unfetchedOnly: true\` to surface entries nobody has redeemed yet — useful for an owner cleaning up stale stashes.`, {
+        putBy: zod_1.z.string().max(validation_1.PLAYER_NAME_MAX).optional().describe('Optional filter — only entries stashed by this player.'),
+        prefix: zod_1.z.string().max(validation_1.COAT_CHECK_SUMMARY_MAX).optional().describe('Optional summary-prefix filter — narrows the listing to entries whose summary starts with this string.'),
+        unfetchedOnly: zod_1.z.boolean().optional().describe('When true, only return entries with fetchCount=0 (never redeemed). Default false.'),
+    }, async (args) => {
+        const { putBy, prefix, unfetchedOnly } = args;
+        try {
+            const handle = client.workflow.getHandle((0, config_1.maestroWorkflowId)(config.ensemble));
+            const filter = {
+                ...(putBy !== undefined ? { putBy } : {}),
+                ...(prefix !== undefined ? { prefix } : {}),
+                ...(unfetchedOnly !== undefined ? { unfetchedOnly } : {}),
+            };
+            const headers = await handle.query(maestro_signals_1.coatCheckListQuery, filter);
+            if (headers.length === 0) {
+                const filters = [];
+                if (putBy)
+                    filters.push(`putBy="${putBy}"`);
+                if (prefix)
+                    filters.push(`prefix="${prefix}"`);
+                if (unfetchedOnly)
+                    filters.push('unfetchedOnly=true');
+                const suffix = filters.length > 0 ? ` (filter: ${filters.join(', ')})` : '';
+                return (0, helpers_1.ok)(`No coat-check entries in this ensemble${suffix}.`);
+            }
+            const lines = [];
+            lines.push(`${headers.length}/${validation_1.COAT_CHECK_SLOTS_MAX} coat-check ${headers.length === 1 ? 'entry' : 'entries'}:`);
+            lines.push('');
+            for (const h of headers) {
+                const fetchTag = h.fetchCount === 0
+                    ? ' (unfetched)'
+                    : ` (fetched ${h.fetchCount}× by ${h.lastFetchedBy ?? '(unknown)'} at ${h.lastFetchedAt ?? '(unknown)'})`;
+                const typeTag = h.contentType ? ` [${h.contentType}]` : '';
+                lines.push(`- **${h.ticket}** ${typeTag}— ${h.summary}`);
+                lines.push(`    putBy=${h.putBy} · putAt=${h.putAt} · expires=${h.expiresAt} · ${h.size} bytes${fetchTag}`);
+            }
+            return (0, helpers_1.ok)(lines.join('\n'));
+        }
+        catch (err) {
+            return (0, helpers_1.fail)(`Failed to list coat-check entries: ${(0, helpers_1.formatError)(err)}`);
+        }
+    });
+}

package/dist/tools/coat-check-put.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { Client } from '@temporalio/client';
+import { Config } from '../config';
+export declare function registerCoatCheckPutTool(server: McpServer, client: Client, config: Config, getPlayerId: () => string): void;

package/dist/tools/coat-check-put.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCoatCheckPutTool = registerCoatCheckPutTool;
+/**
+ * `coat_check_put` — stash a large content body on per-ensemble Maestro state
+ * (#318, ADR 0008). Returns a ticket id that any player in the ensemble can
+ * later redeem via `coat_check_get` (or pass on a `cue`'s `attachmentTicket`
+ * field so the recipient knows what to fetch).
+ *
+ * Audit identity (`putBy`) is set by the tool layer from `getPlayerId()` —
+ * the MCP schema has NO `playerId` arg, so callers cannot spoof. Same
+ * structural-permission pattern as `save_state` (#334).
+ */
+const zod_1 = require("zod");
+const config_1 = require("../config");
+const maestro_signals_1 = require("../workflows/maestro-signals");
+const helpers_1 = require("./helpers");
+const validation_1 = require("../utils/validation");
+function registerCoatCheckPutTool(server, client, config, getPlayerId) {
+    (0, helpers_1.defineTool)(server, 'coat_check_put', `Stash a large content body on this ensemble's coat-check (#318). Returns a ticket id any player can redeem later via \`coat_check_get\`. Pass the ticket on a \`cue\`'s \`attachmentTicket\` field so the recipient knows what to fetch.
+
+Use this when your message body would otherwise exceed the cue's 100 KB cap — researcher reports, review-item dumps, etc. The cue body should carry a short summary; the coat-check entry holds the full artifact.
+
+Limits: ${validation_1.COAT_CHECK_CONTENT_MAX} bytes (UTF-8) per entry, max ${validation_1.COAT_CHECK_SLOTS_MAX} live entries per ensemble. Saturation rejects with \`CoatCheckSlotsFull\` — wait for TTL or \`coat_check_evict\` an entry you own. TTL defaults to 7 days (configurable per put within [1h, 30d]).`, {
+        summary: zod_1.z.string().min(1).max(validation_1.COAT_CHECK_SUMMARY_MAX).describe(`Short preamble surfaced in \`coat_check_list\` and on dashboards (≤${validation_1.COAT_CHECK_SUMMARY_MAX} chars). 1-2 sentences describing what the recipient gets if they redeem.`),
+        content: zod_1.z.string().min(1).max(validation_1.COAT_CHECK_CONTENT_MAX).describe(`The full content body — markdown encouraged, opaque to the system. Max ${validation_1.COAT_CHECK_CONTENT_MAX} bytes (UTF-8).`),
+        contentType: zod_1.z.string().max(validation_1.COAT_CHECK_CONTENT_TYPE_MAX).optional().describe(`Optional MIME-shaped hint (e.g. "text/markdown"). Free-form; ≤${validation_1.COAT_CHECK_CONTENT_TYPE_MAX} chars.`),
+        ttlMs: zod_1.z.number().int().min(validation_1.COAT_CHECK_TTL_MIN_MS).max(validation_1.COAT_CHECK_TTL_MAX_MS).optional().describe(`Time-to-live in milliseconds. Default ${validation_1.COAT_CHECK_TTL_DEFAULT_MS} (7 days). Range [${validation_1.COAT_CHECK_TTL_MIN_MS}, ${validation_1.COAT_CHECK_TTL_MAX_MS}] (1h to 30d).`),
+    }, async (args) => {
+        const { summary, content, contentType, ttlMs } = args;
+        const putBy = getPlayerId();
+        try {
+            const handle = client.workflow.getHandle((0, config_1.maestroWorkflowId)(config.ensemble));
+            const result = await handle.executeUpdate(maestro_signals_1.coatCheckPutUpdate, {
+                args: [{
+                        summary,
+                        content,
+                        ...(contentType !== undefined ? { contentType } : {}),
+                        ...(ttlMs !== undefined ? { ttlMs } : {}),
+                        putBy,
+                    }],
+            });
+            return (0, helpers_1.ok)(`Stashed as ticket **${result.ticket}** (expires ${result.expiresAt}). Slots: ${result.slotsUsed}/${result.slotsTotal}.`);
+        }
+        catch (err) {
+            // The workflow validator surfaces structured ApplicationFailure
+            // errors (`CoatCheckSlotsFull`, `CoatCheckEntryTooLarge`, …). The
+            // `formatError` message preserves the workflow text so the LLM
+            // sees the oldest-3 ticket list and can pick which to evict.
+            return (0, helpers_1.fail)(`Failed to stash content: ${(0, helpers_1.formatError)(err)}`);
+        }
+    });
+}

package/dist/tools/cue.js

@@ -56,11 +56,12 @@ function formatDetachedDeliveryError(playerId, phase) {
         `(3) the workflow inbox queues the signal and auto-delivers on re-attach.`);
 }
 function registerCueTool(server, client, config, getPlayerId, handle) {
-    (0, helpers_1.defineTool)(server, 'cue', 'Send a message to another Claude Code session by player name. Delivered instantly via Temporal signal.', {
+    (0, helpers_1.defineTool)(server, 'cue', 'Send a message to another Claude Code session by player name. Delivered instantly via Temporal signal. For content larger than ~100 KB, use `coat_check_put` to stash the body and pass the returned ticket via `attachmentTicket` — the cue body itself should carry a short summary the recipient can act on without fetching.', {
         playerId: zod_1.z.string().max(validation_1.PLAYER_NAME_MAX).describe('The player name of the target session'),
         message: zod_1.z.string().max(validation_1.MESSAGE_MAX).describe('The message to send'),
+        attachmentTicket: zod_1.z.string().regex(validation_1.COAT_CHECK_TICKET_REGEX).max(validation_1.COAT_CHECK_TICKET_MAX).optional().describe('Optional coat-check ticket (#318). Reference content stashed via `coat_check_put`; the receiver sees the ticket on their `recall` message and can pull the body via `coat_check_get`. Backward-compatible — omit for normal cues.'),
     }, async (args) => {
-        const { playerId, message } = args;
+        const { playerId, message, attachmentTicket } = args;
         const nameError = (0, validation_1.validatePlayerName)(playerId);
         if (nameError)
             return (0, helpers_1.fail)(nameError);
@@ -99,6 +100,7 @@ function registerCueTool(server, client, config, getPlayerId, handle) {
                 type: 'cue',
                 targetPlayerId: playerId,
                 message,
+                ...(attachmentTicket !== undefined ? { attachmentTicket } : {}),
             };
             const entryId = await handle.executeUpdate(signals_1.submitOutboxUpdate, { args: [entry] });
             return (0, helpers_1.ok)(`Message sent to ${playerId}. (outbox: ${entryId})`);

package/dist/tools/worktree.js

@@ -41,7 +41,7 @@ const helpers_1 = require("./helpers");
 const worktree_1 = require("../utils/worktree");
 const validation_1 = require("../utils/validation");
 function registerWorktreeTool(server, client, config, handle, getPlayerId) {
-    (0, helpers_1.defineTool)(server, 'worktree', 'Manage git worktrees for player isolation. Conductor only. Actions: create (provision worktree for a player), remove (clean up), list (show active worktrees). Use when multiple players commit to different branches of the same repo simultaneously; skip for read-only work, sequential work, or tasks under ~5 min. See docs/orchestration.md#when-to-use-worktrees.', {
+    (0, helpers_1.defineTool)(server, 'worktree', 'Manage git worktrees for player isolation. Conductor only. Actions: create (provision worktree for a player), remove (clean up), list (show active worktrees). Use when multiple players commit to different branches of the same repo simultaneously; skip for read-only work, sequential work, or tasks under ~5 min. IMPORTANT: before `remove`, have the player stop any long-running processes inside the worktree (dev servers, file watchers) — on Windows a memory-mapped native module will block directory removal and `remove` will fail. See docs/orchestration.md#when-to-use-worktrees.', {
         action: zod_1.z.enum(['create', 'remove', 'list']).describe('Action to perform'),
         player: zod_1.z.string().max(validation_1.PLAYER_NAME_MAX).optional().describe('Player name (required for create/remove)'),
         branch: zod_1.z.string().optional().describe('Git branch for the worktree (defaults to {ensemble}/{player-name})'),
@@ -132,9 +132,22 @@ function registerWorktreeTool(server, client, config, handle, getPlayerId) {
                     if (!entry) {
                         return (0, helpers_1.fail)(`No worktree found for player "${player}".`);
                     }
-                    // Remove from disk
-                    (0, worktree_1.removeWorktree)(entry.path);
-                    // Remove from conductor state
+                    // Remove from disk. #594: removeWorktree throws if the directory
+                    // survives the removal (Windows file-lock half-removal). We must
+                    // NOT signal `removeWorktree` state or cue the player until disk
+                    // removal is confirmed — otherwise Temporal state records "no
+                    // worktree" while a locked orphan directory remains on disk, and
+                    // the next `create` fails with a confusing git fatal.
+                    try {
+                        (0, worktree_1.removeWorktree)(entry.path, entry.gitRoot);
+                    }
+                    catch (err) {
+                        return (0, helpers_1.fail)(`Worktree for **${player}** could not be removed: ${(0, helpers_1.formatError)(err)}\n\n` +
+                            `Conductor state is unchanged — the worktree is still tracked. ` +
+                            `Have the player stop any long-running processes inside the worktree ` +
+                            `(dev servers, file watchers), then retry \`worktree remove\`.`);
+                    }
+                    // Remove from conductor state (only reached on confirmed disk removal)
                     await handle.signal('removeWorktree', player);
                     // Auto-cue the player
                     try {

package/dist/types.d.ts

@@ -437,6 +437,13 @@ export interface Message {
      * for non-broadcast direct cues.
      */
     broadcastId?: string;
+    /**
+     * #318: Coat-check ticket id when the sender stashed content via
+     * `coat_check_put` and called `cue` with `attachmentTicket`. Receivers
+     * call `coat_check_get` with this value to pull the full content body.
+     * `undefined` for cues without an attachment.
+     */
+    attachmentTicket?: string;
 }
 export interface SentMessage {
     id: string;
@@ -485,6 +492,14 @@ export interface CueOutboxEntry extends OutboxEntryBase {
      * into a single chat row. `undefined` for non-broadcast cues.
      */
     broadcastId?: string;
+    /**
+     * #318: Optional coat-check ticket id referencing content stashed on
+     * per-ensemble Maestro state via `coat_check_put`. Receivers see this
+     * field on their delivered `Message` and can call `coat_check_get` to
+     * pull the full content body. Backward-compatible — pre-#318 cues just
+     * don't have it.
+     */
+    attachmentTicket?: string;
 }
 export interface RecruitOutboxEntry extends OutboxEntryBase {
     type: 'recruit';
@@ -941,5 +956,65 @@ export interface MaestroInput {
         startMs: number;
         count: number;
     };
+    /**
+     * #318 coat-check pattern — ticket-keyed stash for large content. Carried
+     * across CAN only when the map is non-empty (mirrors the `playerState`
+     * carry idiom in `src/workflows/session.ts:1617-1638`).
+     */
+    coatCheck?: Record<string, CoatCheckEntry>;
+}
+/**
+ * A single coat-check entry as stored on per-ensemble Maestro workflow
+ * state. `content` is opaque to the system — author-supplied markdown,
+ * JSON, or arbitrary text up to `COAT_CHECK_CONTENT_MAX`. All timestamps
+ * are ISO 8601 from `workflowNow()` for replay determinism.
+ *
+ * The `lastFetched*` / `fetchCount` triple is the fetch-audit surface
+ * vinceblank added on top of the architect's verdict — owners need to
+ * know if a recipient consumed their ticket. Default semantics: undefined
+ * `lastFetchedAt` + `fetchCount === 0` means "never fetched."
+ */
+export interface CoatCheckEntry {
+    /** Short human-readable preamble (≤ `COAT_CHECK_SUMMARY_MAX`). */
+    summary: string;
+    /** Opaque body (≤ `COAT_CHECK_CONTENT_MAX` UTF-8 bytes). */
+    content: string;
+    /** Optional MIME-shaped hint (e.g. `'text/markdown'`); free-form. */
+    contentType?: string;
+    /** Audit identity — player who called `coat_check_put`. */
+    putBy: string;
+    /** When the entry was admitted, `workflowNow().toISOString()`. */
+    putAt: string;
+    /** When the entry expires under TTL inline-sweep, `workflowNow().toISOString()`. */
+    expiresAt: string;
+    /** UTF-8 byte length of `content` — pre-computed at put time for cheap listing. */
+    size: number;
+    /** Last successful `coat_check_get` timestamp, or undefined if never fetched. */
+    lastFetchedAt?: string;
+    /** Last `coat_check_get` caller's playerId, or undefined if never fetched. */
+    lastFetchedBy?: string;
+    /** Successful `coat_check_get` count. 0 until first fetch. */
+    fetchCount: number;
+}
+/**
+ * Listing projection — `coat_check_list` and the put/evict update return
+ * shapes that omit `content` so callers can survey without pulling the
+ * whole body for every entry. `size` is preserved so dashboards can
+ * present an at-a-glance "how big" without an extra fetch.
+ */
+export interface CoatCheckEntryHeader {
+    ticket: string;
+    summary: string;
+    contentType?: string;
+    putBy: string;
+    putAt: string;
+    expiresAt: string;
+    size: number;
+    /** Mirrors `CoatCheckEntry.lastFetchedAt`. */
+    lastFetchedAt?: string;
+    /** Mirrors `CoatCheckEntry.lastFetchedBy`. */
+    lastFetchedBy?: string;
+    /** Mirrors `CoatCheckEntry.fetchCount`. */
+    fetchCount: number;
 }
 export {};

package/dist/utils/validation.d.ts

@@ -28,6 +28,24 @@ export declare const PLAYER_STATE_KEY_MAX = 32;
 export declare const PLAYER_STATE_CONTENT_MAX: number;
 /** Maximum number of populated slots per player. Saturation rejects with `PlayerStateSlotsFull`. */
 export declare const PLAYER_STATE_SLOTS_MAX = 4;
+/** Coat-check ticket id pattern. Alphanumeric + underscore + hyphen, generated server-side via `uuid4()`. */
+export declare const COAT_CHECK_TICKET_REGEX: RegExp;
+/** Maximum coat-check ticket id length. Generous to accommodate uuid4 + future versioning prefixes. */
+export declare const COAT_CHECK_TICKET_MAX = 64;
+/** Maximum content size per coat-check entry — 32 KiB. Mirrors `PLAYER_STATE_CONTENT_MAX`. */
+export declare const COAT_CHECK_CONTENT_MAX: number;
+/** Maximum summary length per coat-check entry — short, listing-friendly preamble. */
+export declare const COAT_CHECK_SUMMARY_MAX = 500;
+/** Maximum free-form contentType string (e.g. `'text/markdown'`). */
+export declare const COAT_CHECK_CONTENT_TYPE_MAX = 64;
+/** Maximum populated coat-check slots per ensemble. Saturation rejects with `CoatCheckSlotsFull`. */
+export declare const COAT_CHECK_SLOTS_MAX = 20;
+/** Minimum allowed `ttlMs` argument on `coat_check_put` — 1 hour. */
+export declare const COAT_CHECK_TTL_MIN_MS: number;
+/** Maximum allowed `ttlMs` argument on `coat_check_put` — 30 days. */
+export declare const COAT_CHECK_TTL_MAX_MS: number;
+/** Default `ttlMs` when caller omits the argument — 7 days. */
+export declare const COAT_CHECK_TTL_DEFAULT_MS: number;
 /**
  * Maximum length of the ensemble description set via
  * `set_ensemble_description` (#399 W1, Q5.1). Soft cap — the MCP tool

package/dist/utils/validation.js

@@ -4,7 +4,7 @@
  * Used by MCP tool Zod schemas and config validation.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_RESTART_LEASE_MS = exports.DEFAULT_RESTART_DETACH_DEADLINE_MS = exports.MAX_DETACH_DEADLINE_MS = exports.RESTART_CONTEXT_MESSAGES_MAX = exports.PREVIEW_MAX_LENGTH = exports.WORKTREE_INSTALL_TIMEOUT = exports.GATE_NOTES_MAX = exports.GATE_CRITERION_TEXT_MAX = exports.GATE_CRITERIA_MAX = exports.GATE_TASK_MAX = exports.CRON_EXPRESSION_MAX = exports.SCHEDULE_MESSAGE_MAX = exports.SCHEDULE_NAME_MAX = exports.PATH_MAX = exports.ENSEMBLE_DESCRIPTION_MAX = exports.PLAYER_STATE_SLOTS_MAX = exports.PLAYER_STATE_CONTENT_MAX = exports.PLAYER_STATE_KEY_MAX = exports.PLAYER_STATE_KEY_REGEX = exports.PLAYER_STATE_DEFAULT_KEY = exports.PART_MAX = exports.MESSAGE_MAX = exports.STAGE_PLAYERS_MAX = exports.STAGE_NAME_MAX = exports.ENSEMBLE_NAME_REGEX = exports.PLAYER_NAME_MAX = exports.PLAYER_NAME_REGEX = void 0;
+exports.DEFAULT_RESTART_LEASE_MS = exports.DEFAULT_RESTART_DETACH_DEADLINE_MS = exports.MAX_DETACH_DEADLINE_MS = exports.RESTART_CONTEXT_MESSAGES_MAX = exports.PREVIEW_MAX_LENGTH = exports.WORKTREE_INSTALL_TIMEOUT = exports.GATE_NOTES_MAX = exports.GATE_CRITERION_TEXT_MAX = exports.GATE_CRITERIA_MAX = exports.GATE_TASK_MAX = exports.CRON_EXPRESSION_MAX = exports.SCHEDULE_MESSAGE_MAX = exports.SCHEDULE_NAME_MAX = exports.PATH_MAX = exports.ENSEMBLE_DESCRIPTION_MAX = exports.COAT_CHECK_TTL_DEFAULT_MS = exports.COAT_CHECK_TTL_MAX_MS = exports.COAT_CHECK_TTL_MIN_MS = exports.COAT_CHECK_SLOTS_MAX = exports.COAT_CHECK_CONTENT_TYPE_MAX = exports.COAT_CHECK_SUMMARY_MAX = exports.COAT_CHECK_CONTENT_MAX = exports.COAT_CHECK_TICKET_MAX = exports.COAT_CHECK_TICKET_REGEX = exports.PLAYER_STATE_SLOTS_MAX = exports.PLAYER_STATE_CONTENT_MAX = exports.PLAYER_STATE_KEY_MAX = exports.PLAYER_STATE_KEY_REGEX = exports.PLAYER_STATE_DEFAULT_KEY = exports.PART_MAX = exports.MESSAGE_MAX = exports.STAGE_PLAYERS_MAX = exports.STAGE_NAME_MAX = exports.ENSEMBLE_NAME_REGEX = exports.PLAYER_NAME_MAX = exports.PLAYER_NAME_REGEX = void 0;
 exports.shouldIncludeInBroadcast = shouldIncludeInBroadcast;
 exports.validatePlayerName = validatePlayerName;
 exports.validateEnsembleName = validateEnsembleName;
@@ -43,6 +43,37 @@ exports.PLAYER_STATE_KEY_MAX = 32;
 exports.PLAYER_STATE_CONTENT_MAX = 32 * 1024;
 /** Maximum number of populated slots per player. Saturation rejects with `PlayerStateSlotsFull`. */
 exports.PLAYER_STATE_SLOTS_MAX = 4;
+// ── Coat-check (#318, ADR 0008) ────────────────────────────────────────────
+//
+// Ensemble-shared, ticket-keyed stash for content too large to inline in a
+// `cue` message body. Lives on per-ensemble Maestro workflow state.
+//
+// Sizing per the #318 architect verdict (which adjusts ADR 0008's 50-slot
+// proposal):
+//   per-entry 32 KiB × max 20 slots → 640 KiB structural max per ensemble.
+//   That lands at ~16 % of Temporal's 4 MiB CAN-payload ceiling — comfortable
+//   headroom on top of existing maestro state (~316 KiB). Saturation refuses
+//   with a `CoatCheckSlotsFull` ApplicationFailure rather than evicting LRU
+//   — cross-host scope makes silent peer eviction a sharper footgun than
+//   the rejection's diagnostic UX.
+/** Coat-check ticket id pattern. Alphanumeric + underscore + hyphen, generated server-side via `uuid4()`. */
+exports.COAT_CHECK_TICKET_REGEX = /^[a-zA-Z0-9_-]+$/;
+/** Maximum coat-check ticket id length. Generous to accommodate uuid4 + future versioning prefixes. */
+exports.COAT_CHECK_TICKET_MAX = 64;
+/** Maximum content size per coat-check entry — 32 KiB. Mirrors `PLAYER_STATE_CONTENT_MAX`. */
+exports.COAT_CHECK_CONTENT_MAX = 32 * 1024;
+/** Maximum summary length per coat-check entry — short, listing-friendly preamble. */
+exports.COAT_CHECK_SUMMARY_MAX = 500;
+/** Maximum free-form contentType string (e.g. `'text/markdown'`). */
+exports.COAT_CHECK_CONTENT_TYPE_MAX = 64;
+/** Maximum populated coat-check slots per ensemble. Saturation rejects with `CoatCheckSlotsFull`. */
+exports.COAT_CHECK_SLOTS_MAX = 20;
+/** Minimum allowed `ttlMs` argument on `coat_check_put` — 1 hour. */
+exports.COAT_CHECK_TTL_MIN_MS = 60 * 60 * 1000;
+/** Maximum allowed `ttlMs` argument on `coat_check_put` — 30 days. */
+exports.COAT_CHECK_TTL_MAX_MS = 30 * 24 * 60 * 60 * 1000;
+/** Default `ttlMs` when caller omits the argument — 7 days. */
+exports.COAT_CHECK_TTL_DEFAULT_MS = 7 * 24 * 60 * 60 * 1000;
 /**
  * Maximum length of the ensemble description set via
  * `set_ensemble_description` (#399 W1, Q5.1). Soft cap — the MCP tool

package/dist/utils/worktree.d.ts

@@ -82,5 +82,22 @@ export declare function createWorktree(opts: CreateWorktreeOpts): CreateWorktree
 export declare function installDependencies(worktreePath: string, timeoutMs?: number): void;
 /**
  * Remove a git worktree.
+ *
+ * Throws if the worktree directory survives the removal (#594). On Windows,
+ * `git worktree remove --force` deletes `.git/worktrees/<name>` metadata
+ * *first*, then `rmdir`s the directory — so when a native `.node` module
+ * inside the worktree is memory-mapped by a live process, the directory
+ * deletion fails while the metadata is already gone. The pre-#594 code
+ * swallowed that failure (log-only, no throw), so the caller reported
+ * success and Temporal state diverged from disk. Now the post-removal
+ * `existsSync` check turns a half-removal into a hard error the caller can
+ * surface.
+ *
+ * `gitRoot` scopes the `git worktree remove` invocation to the owning
+ * repository. Pre-#594 the command ran with no `cwd`, so it only worked when
+ * `process.cwd()` happened to be the right repo — fragile, and wrong outright
+ * when the conductor's cwd is a different checkout than the worktree's repo.
+ * Callers should pass `entry.gitRoot` from the `WorktreeEntry`; it defaults to
+ * `process.cwd()` for backward compatibility.
  */
-export declare function removeWorktree(worktreePath: string): void;
+export declare function removeWorktree(worktreePath: string, gitRoot?: string): void;